cbcvebase.

Trendmicro Apex One vulnerabilities

173 known vulnerabilities affecting trendmicro/apex_one.

Total CVEs
173
CISA KEV
10
actively exploited
Public exploits
0
Exploited in wild
12
Severity breakdown
CRITICAL10HIGH116MEDIUM47

Vulnerabilities

Page 6 of 9
CVE-2022-30701P3HIGHCVSS 7.8fixed in 14.0.10349v20192022-05-27
CVE-2022-30701 [HIGH] CWE-427 CVE-2022-30701: An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syste
nvd
CVE-2021-42104P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42104 [HIGH] CWE-269 CVE-2021-42104: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i
nvd
CVE-2021-42105P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42105 [HIGH] CVE-2021-42105: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order
nvd
CVE-2021-42107P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42107 [HIGH] CVE-2021-42107: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order
nvd
CVE-2021-42106P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42106 [HIGH] CVE-2021-42106: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order
nvd
CVE-2021-32463P3HIGHCVSS 7.8v20192021-07-20
CVE-2021-32463 [HIGH] CWE-732 CVE-2021-32463: An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ab
nvd
CVE-2021-42011P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42011 [HIGH] CWE-276 CVE-2021-42011: An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service c An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-34145P3HIGHCVSS 7.8fixed in 14.0.12518v20192023-06-26
CVE-2023-34145 [HIGH] CVE-2023-34145: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service securit An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar,
nvd
CVE-2023-34144P3HIGHCVSS 7.8fixed in 14.0.12518v20192023-06-26
CVE-2023-34144 [HIGH] CWE-426 CVE-2023-34144: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service securit An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a s
nvd
CVE-2022-45798P3HIGHCVSS 7.8v20192022-12-24
CVE-2022-45798 [HIGH] CWE-59 CVE-2022-45798: A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Tr A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target
nvd
CVE-2021-45441P3HIGHCVSS 7.8v20192022-01-10
CVE-2021-45441 [HIGH] CWE-346 CVE-2021-45441: A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a loc A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord
nvd
CVE-2022-41747P3HIGHCVSS 7.8v20192022-10-10
CVE-2022-41747 [HIGH] CWE-295 CVE-2022-41747: An improper certification validation vulnerability in Trend Micro Apex One agents could allow a loca An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-41749P3HIGHCVSS 7.8v20192022-10-10
CVE-2022-41749 [HIGH] CWE-346 CVE-2022-41749: An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2020-28572P3HIGHCVSS 7.8v20192020-11-18
CVE-2020-28572 [HIGH] CVE-2020-28572: A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product instal A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
nvd
CVE-2021-23139P3HIGHCVSS 7.5v20192021-10-21
CVE-2021-23139 [HIGH] CWE-476 CVE-2021-23139: A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
nvd
CVE-2022-44654P3HIGHCVSS 7.5fixed in 14.0.11789v20192022-12-12
CVE-2022-44654 [HIGH] CWE-122 CVE-2022-44654: Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.
nvd
CVE-2021-25246P3MEDIUMCVSS 6.5v20192021-02-04
CVE-2021-25246 [MEDIUM] CVE-2021-25246: An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
nvd
CVE-2022-40143P3HIGHCVSS 7.3v20192022-09-19
CVE-2022-40143 [HIGH] CWE-59 CVE-2022-40143: A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Ap A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privilege
nvd
CVE-2022-45797P4HIGHCVSS 7.1v20192022-12-12
CVE-2022-45797 [HIGH] CVE-2022-45797: An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to expl
nvd
CVE-2024-36304P4HIGHCVSS 7.0fixed in 14.0.13139≥ 14.0, < 14.0.0.129802024-06-10
CVE-2024-36304 [HIGH] CWE-367 CVE-2024-36304: A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
Trendmicro Apex One vulnerabilities | cvebase